Audit - Internal control Flashcards

1
Q

How can you define Internal control ?

A

The process designed⇒ implemented ⇒ maintained by management to provide
reasonable assurance about the reliability of financial reporting, effectiveness of operations and compliance with laws and regulations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the objectives of Internal control ?

A

1- Reliability of financial reporting
2- Compliance with laws and regulations
3- Effectiveness and efficiency of operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Steps of the auditor’s work on Internal control ?

A

1- Documenting / evaluating : collect data ( Narratives, flowcharts, questionnaires)
2- Testing of controls : performed to verify Design and implementation
3- Report internal control weaknesses to management
4 - Decide the extent of Substantive testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the drawbacks of each type of documenting data over internal control ?

A

Narratives : might be insufficient in complex processes such as sales
Flowcharts : helps spot missing controls but an amendment may require drawing the whole chart
Questionnaire : easy to overstate the level of certain controls, questions should be well tailored to avoid misunderstanding risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the components of the internal control

A
1- Control activities
2- Risk assessment
3- information system and communication
4- Monitoring
5 - Control environment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

1 - Control activities refers to …… used to … Internal control in order to

A

Control activities refers to policies and standards used to implement Internal control in order to mitigate risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

2 - Risk assessment : auditor should …

A

1- understand the process of the company
2- identify and asses ROMM in financial reporting
3- and then evaluate whether there is a deficiency in the risk assessment process of the internal auditor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

3 - Information system and communication

auditor should understand how …

A
  • Transactions are recorded, corrected and transferred to GL and reported in FS
  • How the client communicates, financial reporting matters
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

4 - Monitoring

verify is there an effective …

A
  • an effective internal control
  • should be reviewed over time on an ongoing basis or in a separate periods
  • report deficiencies to appropriate leadership
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

5 - Control environment refers to the … and … of the organization and actions

A

The tone and attitude, it includes actions of TCWG : ( PHRASED)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

If internal control is poor and a company’s accounting practices are sloppy, which risk is higher?

A

Control risk increases with poor internal controls and sloppy accounting practices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

If internal control is poor, what is the effect on the audit?

A

Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does internal control provide reasonable assurance for?

A

Internal control provides reasonable assurance that:

  • Material misstatements will be prevented
  • Reliability/integrity of financial statements will be preserved
  • Assets are protected against misuse
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is required in an examination of internal control under Sarbanes-Oxley?

A

CEO/CFO must disclose internal control deficiencies.
Management must provide assessment of internal control.
Management must certify financial statements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the relationship between internal control and substantive testing?

A

Inverse Relationship

Stronger Internal Controls = Less Testing Needed
Weaker Internal Controls = More Testing Needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the three objectives of internal control?

A

The objectives of internal control are:

Reliability of financial reporting
Operational efficiency/effectiveness
Compliance with laws and regulations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the purpose for a Control Environment assessment?

A

A Control Environment assessment sets tone for the entire company.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are the components of the Control Environment?

A

The components of Control Environment are:

Integrity/Ethics of Management
Competence of Management
Organizational Structure
Human Resource Policies
Assignment of Authority/Responsibility
Management's Style (riskier with a dominant/aggressive individual)
Board/Audit Committee involvement
19
Q

What does an auditor’s assessment of Detection Risk determine?

A

Detection Risk determines nature, timing, and extent of audit procedures.

20
Q

What determines the acceptable level of Detection Risk?

A

Risk of material misstatement determines acceptable level of Detection Risk.

21
Q

What situations or circumstances could increase the risk of material misstatement?

A
Rapid growth in the company
Major changes to Operations
Personnel
IT Systems
Products
Corporate organization 
Foreign operations
22
Q

What happens when Control Risk is assessed to be at the maximum level?

A

No Internal Control testing is performed.

All audit procedures are increased in intensity to compensate for increased risk.

23
Q

What happens when Control Risk is below the maximum level?

A

Auditor tests Internal Controls.

Auditor evaluates Control Risk based on tests.

Auditor adjusts substantive tests accordingly.

Weaker Internal Control - More substantive tests

Stronger Internal Control - Less substantive tests

24
Q

Describe some common examples of Control Activities.

A

Control Activities include:

Performance Reviews
Information Processing
Physical Controls
Segregation of Duties

25
What should an auditor understand with respect to Information and Communication on an audit?
An auditor should understand client's: - Major Transaction classes - Transaction initiation - Support records/ documents - Transaction processing - FS internal reporting process - FS External reporting process
26
How must an auditor document understanding of Internal Control?
Through Written documentation such as : Memos, Flowcharts and questionnaire
27
What questions should be asked to determine the risk of material misstatement?
Were all transaction recorded ? Were they timely ? Were they measured appropriately ? Were they recorded in correct period ? Were they presented and disclosed properly ? Did management communicate their responsibilities ?
28
What is the purpose of internal control testing and what procedures does the auditor perform to test internal controls?
Auditor needs reasonable assurance that controls are functioning as designed and effective : Internal control should be strong like IRON so that nothing gets past them: I : Inquiry : Interview company personnel R: Reperformance: Can it be replicated Observation: Watch control be applied Inspection : Dig into the details/documents If results are as expected, Substantive procedures do not need to be adjusted
29
When can controls tested by an auditor in a prior year be used in the current year's audit assessment?
assuming they are r-tested every third year
30
What happens if Internal Controls are deficient?
- Control risk increases - Scope of Sub Procedure increases - Detection risk decreases - Material weakness
31
What is a Material Weakness?
Reasonable possibility exists that a material misstatements in FS would not be found, and has more than a remote chance of occurrence
32
What does Tracing test?
Tracing tests Completeness, it starts with the source document and traces forward to the journal entry
33
What does Vouching test?
Vouching tests existence , it starts with journal entry and searches for a voucher or source document to support the entry
34
What activities represent Segregation of Duties?
Non-Compatible duties performed by separate individuals such as : Authorization of assets - Disbursement vs Recording of assets vs Custody of assets: - If supporting audit evidence doesn't exist, use Observation and Inquiry - Accounting should be segregated from production
35
With respect to signing checks, how are duties segregated?
Employees who prepare vouchers/ invoices should not also have the authority to sign checks - Remember this as an underlying theme with Segregation of duties The authority to make a payment should not also lie in the hands of those creating invoices/vouchers why ? People commit fraud by setting up fake companies and basically paying themselves
36
With respect to custody of assets, how should duties be segregated?
- Employees who have custody of assets should not also record those assets - Someone in charge of petty cash should not also control the petty cash records - Treasury Department (Custodians) should NOT record keeping duties. They control assets and should not be able to adjust any recording of those assets
37
What are the limitations on Control Activities?
Controls can't stop collusion or bad judgment - Management can override controls - Cos vs Benefit relationship of Internal Control
38
What is required if a Material Weakness is identified?
A written report to management is required: - Report declaring that no material weaknesses were found is allowed - Previous weaknesses reported that still exist should be reported again - Shoudl be reported no later than 60 days after audit report release date - If one or more material weakness is uncorrected at year-end , an Adverse Opinion on Internal control must be given
39
What is the effect of a Significant Deficiency? What is it?
A Significant deficiency adversely affects a company's ability to report in the FS according to GAAP - A significant deficiency is more than a remote likelihood of material misstatements by more than an inconsequential amount
40
What must occur if a Significant Deficiency is identified?
- If a significant deficiency is identified, a Written report to management is required - Report declaring that no significant deficiencies exist is not allowed - Previous deficiencies reported that still exist should be reported again - Should be reported no later than 60 days after the audit report release date>
41
What is a Control Deficiency?
A control is not operating as intended
42
What must an auditor ask if using the work of third parties?
ARE THEY COMPETENT ? Are they objective ?
43
What must an auditor understand with respect to internal auditors?
- The role of internal auditors within the organization because their work affects the audit plan - Responsability for judgements about materiality ir apropriatness of entries or estimates cannot be shared with third parties like Internal auditors - I.A should be asked to do some of the legwork like preparing schedule or running reprots - They should not be asked to make any judgements or decisons